Kaspersky's response is located at http://www.viruslist.com/en/weblog?weblogid=208187633 (What really happened to usa.kaspersky.com/support)
"We confirm that the vulnerability existed in the new version of usa.kaspersky.com/support. We analyzed the log files and found requests with SQL injection. There were several attackers with IP addresses from Romanian ISPs. The requests were initially made with an automated tool - the screenshots showed that the hackers used a free edition of an Acunetix tool." Related: Kaspersky hires expert to analyze Web site hack: http://news.cnet.com/8301-1009_3-10159640-83.html Juha-Matti Juha-Matti Laurio [[email protected]] kirjoitti: > New information to weekend's SQL injection case: > > "Russian antivirus vendor Kaspersky Labs's US website was hacked over the > weekend, exposing the company's customer database, > but Kaspersky has denied data was compromised and says the vulnerability > wasn't critical. > > An unidentified hacker reported over the weekend that he was able to access a > complete profile of the company's databases, > revealing its clients' names, activation codes, list of bugs the company > tracks and client email addresses." > --clip-- > > More at > http://news.zdnet.co.uk/security/0,1000000189,39613858,00.htm > > Juha-Matti > _______________________________________________ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
